From 291b66e983dd4652839be0dd765616b65fd4c54b Mon Sep 17 00:00:00 2001
From: Nam Nguyen Hoai <namnh@vn.fujitsu.com>
Date: Wed, 17 Aug 2016 13:40:52 +0700
Subject: Add direction and protocol options to os security group rule list cmd

This patch added direction options (--ingress, --egress) and protocol
option (--protocol) to filter rules by os security group rule list command.

Change-Id: I56ace3f97eb927fd2a868f728c7347a29d028b67
Closes-Bug: #1613533
Partially-Implements: blueprint network-commands-options
---
 openstackclient/network/v2/security_group_rule.py  | 30 ++++++++++++
 .../unit/network/v2/test_security_group_rule.py    | 54 ++++++++++++++++++++++
 2 files changed, 84 insertions(+)

(limited to 'openstackclient')

diff --git a/openstackclient/network/v2/security_group_rule.py b/openstackclient/network/v2/security_group_rule.py
index e3be44ec..3b9055df 100644
--- a/openstackclient/network/v2/security_group_rule.py
+++ b/openstackclient/network/v2/security_group_rule.py
@@ -379,6 +379,28 @@ class ListSecurityGroupRule(common.NetworkAndComputeLister):
             default=False,
             help=argparse.SUPPRESS
         )
+        parser.add_argument(
+            '--protocol',
+            metavar='<protocol>',
+            type=_convert_to_lowercase,
+            help=_("List rules by the IP protocol ("
+                   "ah, dhcp, egp, esp, gre, icmp, igmp, "
+                   "ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, "
+                   "ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, "
+                   "udp, udplite, vrrp and integer representations [0-255])."
+                   )
+        )
+        direction_group = parser.add_mutually_exclusive_group()
+        direction_group.add_argument(
+            '--ingress',
+            action='store_true',
+            help=_("List rules applied to incoming network traffic")
+        )
+        direction_group.add_argument(
+            '--egress',
+            action='store_true',
+            help=_("List rules applied to outgoing network traffic")
+        )
         parser.add_argument(
             '--long',
             action='store_true',
@@ -443,6 +465,14 @@ class ListSecurityGroupRule(common.NetworkAndComputeLister):
             query = {'security_group_id': security_group_id}
         else:
             columns = columns + ('security_group_id',)
+
+        if parsed_args.ingress:
+            query['direction'] = 'ingress'
+        if parsed_args.egress:
+            query['direction'] = 'egress'
+        if parsed_args.protocol is not None:
+            query['protocol'] = parsed_args.protocol
+
         rules = list(client.security_group_rules(**query))
 
         # Reformat the rules to display a port range instead
diff --git a/openstackclient/tests/unit/network/v2/test_security_group_rule.py b/openstackclient/tests/unit/network/v2/test_security_group_rule.py
index 96d58e5c..f91314d6 100644
--- a/openstackclient/tests/unit/network/v2/test_security_group_rule.py
+++ b/openstackclient/tests/unit/network/v2/test_security_group_rule.py
@@ -942,6 +942,60 @@ class TestListSecurityGroupRuleNetwork(TestSecurityGroupRuleNetwork):
         self.assertEqual(self.expected_columns_no_group, columns)
         self.assertEqual(self.expected_data_no_group, list(data))
 
+    def test_list_with_protocol(self):
+        self._security_group_rule_tcp.port_range_min = 80
+        arglist = [
+            '--protocol', 'tcp',
+        ]
+        verifylist = [
+            ('protocol', 'tcp'),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        columns, data = self.cmd.take_action(parsed_args)
+
+        self.network.security_group_rules.assert_called_once_with(**{
+            'protocol': 'tcp',
+        })
+        self.assertEqual(self.expected_columns_no_group, columns)
+        self.assertEqual(self.expected_data_no_group, list(data))
+
+    def test_list_with_ingress(self):
+        self._security_group_rule_tcp.port_range_min = 80
+        arglist = [
+            '--ingress',
+        ]
+        verifylist = [
+            ('ingress', True),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        columns, data = self.cmd.take_action(parsed_args)
+
+        self.network.security_group_rules.assert_called_once_with(**{
+            'direction': 'ingress',
+        })
+        self.assertEqual(self.expected_columns_no_group, columns)
+        self.assertEqual(self.expected_data_no_group, list(data))
+
+    def test_list_with_wrong_egress(self):
+        self._security_group_rule_tcp.port_range_min = 80
+        arglist = [
+            '--egress',
+        ]
+        verifylist = [
+            ('egress', True),
+        ]
+        parsed_args = self.check_parser(self.cmd, arglist, verifylist)
+
+        columns, data = self.cmd.take_action(parsed_args)
+
+        self.network.security_group_rules.assert_called_once_with(**{
+            'direction': 'egress',
+        })
+        self.assertEqual(self.expected_columns_no_group, columns)
+        self.assertEqual(self.expected_data_no_group, list(data))
+
 
 class TestListSecurityGroupRuleCompute(TestSecurityGroupRuleCompute):
 
-- 
cgit v1.2.1